Welcome to your weekly batch of mobile security news that matters – #MobSec5.
This week’s edition includes:
- Will 2017 be the year the courts resolve arguments over the release of private, encrypted data to law enforcement agencies?
- Just how easy would it be to hack the Android device that the president is rumored to be using?
- “May not do cyber EO today. May listen to ideas today first.”
Thanks for reading. Have a great weekend, be good, and stay safe.
FBI v. Apple: One year later, it hasn’t settled much
“At the one-year anniversary of the battle between the FBI and tech giant Apple over unlocking an iPhone, surveillance and privacy rules have not really changed. But they could this coming year, and the debate over that is as intense as ever.”
At RSA Conference 2017 in two weeks, NowSecure CEO Andrew Hoog will discuss how well-intentioned security enhancements in Android and iOS can make it more difficult to detect and respond to mobile threats. During his talk, he’ll touch on the implications of platform owners’ (e.g., Apple’s) policies and their response to law enforcement (e.g., the FBI). If you can’t attend the conference this year, register for an encore webinar presentation of Andrew’s “How Android and iOS Security Enhancements Complicate Threat Detection,” on February 21.
“Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools.”
“At a dedicated phone forensics facility in Tulsa, Okla., the Secret Service breaks into about 40 phones a year that could contain valuable information related to criminal investigations.”
Trump Cyber Executive Order Calls for 60-Day Review
“President Trump postponed the release and signing of an Executive Order around cybersecurity that calls for a 60-day review of systems and critical infrastructure.”
Tuesday came and went without President Trump signing an executive order on cybersecurity. Press secretary Sean Spicer suggested at a press briefing that the president wanted to listen to more ideas before moving forward. For more detail about what it might include, read our blog post about President Trump’s cybersecurity executive order based on a purported draft published by the Washington Post last week. On the lighter side, bide your time waiting for the order by building your own with this online Trump Executive Order Generator.
“We still don’t know exactly how Trump is using the phone. It might be held by an aide or kept in a desk drawer at home, rather than kept on his person. But while those practices would make the phone a less attractive target, it would still be an easy way to listen in on the president.”
Device Security Patch Tracker
“This list is prepared to serve as a quick reference to identify which device is being actively maintained by the vendor.”
The creators of this handy resource are crowd-sourcing the latest information about security patch levels for various manufacturers’ Android devices.
“The company hopes to bring old exploits into the open and encourage better patching in the mobile ecosystem.”
“Your ability to run that 32-bit app is coming to an end. As several other Mac sites have reported, Apple has updated the pop-up warning in the iOS 10.3 beta to say that the 32-bit app you’re running ‘will not work with future versions of iOS.’”
“If in 2004 we had ‘Web 2.0’, now there’s a lot of ‘Mobile 2.0’ around. If Web 2.0 said ‘lots of people have broadband and modern browsers now’, Mobile 2.0 says ‘there are a billion people with high-end smartphones now.’”
In this article predicting what’s next for mobile phones, apps and more, Benedict Evans starts with the fact that “there are a billion people with high-end smartphones now.” In her 2016 Internet Trends presentation, Mary Meeker reported that the average number of apps installed on a device worldwide is 33. In our 2016 NowSecure Mobile Security Report, we found that 25 percent of mobile apps harbor at least one high-risk vulnerability. That means it’s possible that each of those one billion phones has at least eight vulnerable apps installed on it. To make sure the apps you develop aren’t among those eight, avoid four common mobile app security risks.
“The new chairwoman of the Federal Trade Commission said Thursday she wants to rein in the agency’s more aggressive data security actions, and lawyers for the latest electronics maker the FTC is suing for poor cybersecurity are calling on her to withdraw the case.”
“If I’m willing to spend a couple of hours automating my coffee intake, there are countless cyber criminals out there willing to put in the time for a much higher-stakes reward.”